PixieFail, The Brand New UEFI Infection To Worry About

Five Vendors PXE Network Boot Implementations Are Scarily Vulnerable

PixieFail is a set of new UEFI vulnerabilities which affects devices running ARM, Insyde, AMI, Phoenix Technologies, or Microsoft’s implementation of PXE, otherwise known as netboot.  The UEFI need to be set up with IPv6 but unfortunately the attacker doesn’t need physical access to the system to take advantage of PixieFail.  All they need is access to your network and a program that allows them to view and capture traffic and then to inject packets.

Once they have network access, they can trigger any machine on the network, up to and including servers, to install malicious code onto the UEFI of the system.  As we have sadly learned, once infected no antivirus software will be able to detect the malicious code and a reboot or reimage will not help at all.  Take a look for BIOS updates and plan some downtime for your servers as the ease of implementation on your cloud is rather terrifying.

Leave a Reply